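/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements. See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package java.security.cert;

import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.Set;

/**
 * The parameter specification for a PKIX {@code CertPathBuilder}
 * algorithm used to {@link CertPathBuilder#build(CertPathParameters) build}
 * certificate chains validated with the PKIX certification path validation.
 * <p>
 * The parameters must be created with <i>trusted</i> certificate authorities
 * and constraints for the target certificates.
 * <p>
 * This class adds a single setting to {@link PKIXParameters}: the maximum
 * certification path length. It only stores that value; applying the limit
 * is left to whatever consumes these parameters.
 *
 * @see CertPathBuilder
 * @see CertPathParameters
 */
public class PKIXBuilderParameters extends PKIXParameters {
    // Maximum certificate path length (5 by default); -1 means unlimited.
    private int maxPathLength = 5;

    /**
     * Creates a new {@code PKIXBuilderParameters} instance with the specified
     * set of {@code TrustAnchor} and certificate constraints.
     *
     * @param trustAnchors
     *            the set of {@code TrustAnchors}.
     * @param targetConstraints
     *            the certificate constraints.
     * @throws InvalidAlgorithmParameterException
     *             if {@code trustAnchors} is empty.
     * @throws ClassCastException
     *             if one of the items in {@code trustAnchors} is not an
     *             instance of {@code java.security.cert.TrustAnchor}.
     */
    public PKIXBuilderParameters(Set<TrustAnchor> trustAnchors,
            CertSelector targetConstraints)
            throws InvalidAlgorithmParameterException {
        super(trustAnchors);
        // Explicit super call: a subclass override of the setter is never
        // invoked while this object is still being constructed.
        super.setTargetCertConstraints(targetConstraints);
    }

    /**
     * Creates a new {@code PKIXBuilderParameters} instance with the trusted
     * {@code X509Certificate} entries from the specified {@code KeyStore}.
     * <p>
     * The trusted certificate entries of {@code keyStore} are what the built
     * paths will be anchored to, so the key store should hold only the
     * authorities that are meant to be trusted for this purpose.
     *
     * @param keyStore
     *            the key store containing trusted certificates.
     * @param targetConstraints
     *            the certificate constraints.
     * @throws KeyStoreException
     *             if the {@code keyStore} is not initialized.
     * @throws InvalidAlgorithmParameterException
     *             if {@code keyStore} does not contain any trusted
     *             certificate entry.
     */
    public PKIXBuilderParameters(KeyStore keyStore,
            CertSelector targetConstraints)
            throws KeyStoreException,
            InvalidAlgorithmParameterException {
        super(keyStore);
        // Explicit super call: a subclass override of the setter is never
        // invoked while this object is still being constructed.
        super.setTargetCertConstraints(targetConstraints);
    }

    /**
     * Returns the maximum length of a certification path.
     * <p>
     * This is the maximum number of non-self-signed certificates in a
     * certification path.
     *
     * @return the maximum length of a certification path, or {@code -1} if it
     *         is unlimited.
     */
    public int getMaxPathLength() {
        return maxPathLength;
    }

    /**
     * Set the maximum length of a certification path.
     * <p>
     * This is the maximum number of non-self-signed certificates in a
     * certification path. Passing {@code -1} removes the limit; when the
     * candidate certificates come from an untrusted source, a finite limit
     * keeps the length of the paths under consideration bounded.
     *
     * @param maxPathLength
     *            the maximum length of a certification path, or {@code -1}
     *            for no limit.
     * @throws InvalidParameterException
     *             if {@code maxPathLength} is less than {@code -1}.
     */
    public void setMaxPathLength(int maxPathLength) {
        // -1 is the only negative value accepted; it is the "unlimited" marker.
        if (maxPathLength < -1) {
            throw new InvalidParameterException("maxPathLength < -1");
        }
        this.maxPathLength = maxPathLength;
    }

    /**
     * Returns a string representation of this {@code PKIXBuilderParameters}
     * instance.
     * <p>
     * The result is the superclass representation followed by the maximum
     * path length, wrapped in square brackets.
     *
     * @return a string representation of this {@code PKIXBuilderParameters}
     *         instance.
     */
    @Override
    public String toString() {
        StringBuilder sb = new StringBuilder("[\n");
        sb.append(super.toString());
        sb.append(" Max Path Length: ");
        sb.append(maxPathLength);
        sb.append("\n]");
        return sb.toString();
    }
}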